Daniel Kahn Gillmor <[EMAIL PROTECTED]> writes: > On Thu 2007-05-03 15:38:35 -0400, Simon Josefsson wrote: > >> Right, I think we should mention this. There is no equivalent feature >> in GnuTLS yet, but I'm working on PKCS#11 support to address one aspect >> of this (client smart card authentication) and made the first release a >> few days ago. > > i'd be interested in reviewing this, if you've got test cases that > need it. Sorry that i missed the initial announcement. i use an > eGate smartcard for daily (hooked in via opensc and openct) via PAM > and openssh [0], and i've got a spare device i could test with. > > Can you point me towards something to test?
Neat! It would be very useful to have more testers with other smart card devices. See the gnutls-dev list, and the recent p11-branch announcement: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/1976 http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/1923 Right now, loading trusted CAs via the Scute PKCS#11 provider works. If you can point to a PKCS#11 provider for your card, I can see if I can make GnuTLS support linking to it -- I probably can't test it myself though. >> Btw, I'd like to add other free TLS libraries to the list. That's >> why I made the implementations have one row each in the tables, >> rather than having the implementations be one column each. This >> allows the list of implementations to be added easily, without >> clobbering the page too much. > > these might be worth including: > > http://yassl.com/ > http://www.matrixssl.org/ > > (and soliciting feedback from their developers would be a good thing > for the page, too) Yup. I'll update the comparison page with all input next week or so. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
